{"id":2678,"date":"2016-01-15T12:49:39","date_gmt":"2016-01-15T04:49:39","guid":{"rendered":"http:\/\/staging.bankvaultonline.com\/?p=2678"},"modified":"2016-01-15T12:49:39","modified_gmt":"2016-01-15T04:49:39","slug":"trend-micro-anti-virus-exposes-customer-pcs","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/","title":{"rendered":"Warning: Trend Micro exposes customer PC&#8217;s to external attackers"},"content":{"rendered":"<h2>Google Security Research today announced Trend Micro anti-virus has a major design flaw allowing external attackers to execute or install any software on a remote PC.<\/h2>\n<p>When you install Trend Micro Antivirus for Windows, it also installs a web server as part of its software suite to handle internal API requests. One of these API request handlers uses the Windows system call &#8220;ShellExecute&#8221;, which allows you to run any piece of software on the PC. This web server is also running as a privileged user, so even if you don&#8217;t have admin access on you PC, this software does!<\/p>\n<p>So for example, someone could send you an email with an attached .html file that, when viewed, could do anything, such as:<\/p>\n<ul class=\"bullet\">\n<li>Format your HD<\/li>\n<li>Download and install a keylogger<\/li>\n<li>Uninstall TrendMicro Antivirus for you<\/li>\n<\/ul>\n<p>A link to original announcement from Google:<\/p>\n<p><a href=\"https:\/\/code.google.com\/p\/google-security-research\/issues\/detail?id=693\" target=\"_blank\">https:\/\/code.google.com\/p\/google-security-research\/issues\/detail?id=693<\/a><\/p>\n<p>While Trend Micro are working on a fix, the industry analysts are polemicizing whether this was a deliberate feature, not a mistake.<br \/>\nIn a world where trust is critical, the crucial question is now being asked: &#8220;Are there any more holes and are we even safe from our anti-virus?&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google Security Research today announced Trend Micro anti-virus has a major design flaw allowing external attackers to execute or install any software on a remote PC. When you install Trend Micro Antivirus for Windows, it also installs a web server as part of its software suite to handle internal API requests. One of these API [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[252],"tags":[276,170,24],"class_list":["post-2678","post","type-post","status-publish","format-standard","hentry","category-alerts","tag-alerts","tag-antivirus-software","tag-keylogger"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Warning: Trend Micro exposes customer PC&#039;s to external attackers - BankVault<\/title>\n<meta name=\"description\" content=\"Google Security Research today announced Trend Micro anti-virus has a major design flaw allowing external attackers to execute any software on a remote PC.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Warning: Trend Micro exposes customer PC&#039;s to external attackers - BankVault\" \/>\n<meta property=\"og:description\" content=\"Google Security Research today announced Trend Micro anti-virus has a major design flaw allowing external attackers to execute any software on a remote PC.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/\" \/>\n<meta property=\"og:site_name\" content=\"BankVault\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/BankVaultOnline\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-01-15T04:49:39+00:00\" \/>\n<meta name=\"author\" content=\"BankVault\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:site\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BankVault\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Warning: Trend Micro exposes customer PC's to external attackers - BankVault","description":"Google Security Research today announced Trend Micro anti-virus has a major design flaw allowing external attackers to execute any software on a remote PC.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/","og_locale":"en_US","og_type":"article","og_title":"Warning: Trend Micro exposes customer PC's to external attackers - BankVault","og_description":"Google Security Research today announced Trend Micro anti-virus has a major design flaw allowing external attackers to execute any software on a remote PC.","og_url":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/","og_site_name":"BankVault","article_publisher":"https:\/\/www.facebook.com\/BankVaultOnline\/","article_published_time":"2016-01-15T04:49:39+00:00","author":"BankVault","twitter_card":"summary_large_image","twitter_creator":"@bankvaultonline","twitter_site":"@bankvaultonline","twitter_misc":{"Written by":"BankVault","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/#article","isPartOf":{"@id":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/"},"author":{"name":"BankVault","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639"},"headline":"Warning: Trend Micro exposes customer PC&#8217;s to external attackers","datePublished":"2016-01-15T04:49:39+00:00","dateModified":"2016-01-15T04:49:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/"},"wordCount":210,"commentCount":0,"publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"keywords":["Alerts","antivirus software","keylogger"],"articleSection":["Latest Cybersecurity Threats"],"inLanguage":"en-AU","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/","url":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/","name":"Warning: Trend Micro exposes customer PC's to external attackers - BankVault","isPartOf":{"@id":"https:\/\/www.bankvault.com\/#website"},"datePublished":"2016-01-15T04:49:39+00:00","dateModified":"2016-01-15T04:49:39+00:00","description":"Google Security Research today announced Trend Micro anti-virus has a major design flaw allowing external attackers to execute any software on a remote PC.","breadcrumb":{"@id":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.bankvault.com\/trend-micro-anti-virus-exposes-customer-pcs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bankvault.com\/"},{"@type":"ListItem","position":2,"name":"Warning: Trend Micro exposes customer PC&#8217;s to external attackers"}]},{"@type":"WebSite","@id":"https:\/\/www.bankvault.com\/#website","url":"https:\/\/www.bankvault.com\/","name":"BankVault","description":"cybersecurity","publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bankvault.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/www.bankvault.com\/#organization","name":"BankVault","url":"https:\/\/www.bankvault.com\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","contentUrl":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","width":1212,"height":275,"caption":"BankVault"},"image":{"@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/BankVaultOnline\/","https:\/\/x.com\/bankvaultonline"]},{"@type":"Person","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639","name":"BankVault","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"BankVault"},"url":"https:\/\/www.bankvault.com\/author\/bankvault\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/2678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/comments?post=2678"}],"version-history":[{"count":0,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/2678\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/media?parent=2678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/categories?post=2678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/tags?post=2678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}